DenverRecruiter Since 2001
the smart solution for Denver jobs

Staff Product Security Engineer

Company: J&J Family of Companies
Location: Denver
Posted on: November 26, 2022

Job Description:

Staff Product Security Engineer - 2206081591WDescriptionThe Product Security and Services team within Johnson & Johnsons Information Security & Risk Management (ISRM) is recruiting for a full-time Staff Product Security Engineer to join the ISRM Product Security-JJSV team to provide support to Johnson & Johnson Surgical Vision (JJSV) R&D. Preferred location for this position is Irvine, CA or Milpitas, CA or Remote. This role may require up to 10% travel.Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.With $82.1 billion in 2020 sales, Johnson & Johnson is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.Position SummaryThe Staff Product Security Engineer will be responsible for implementation of J&Js enterprise Product Security strategy and framework throughout Johnson & Johnson Surgical Vision (JJSV) medical device portfolio. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to senior management, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting JJSV R&D throughout a new products development phases, review product security requirements and recommend security design solutions, help complete Quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing or work as needed. Additionally, post market responsibilities for JJSVs marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to all customer security questionnaires and reviewing security language within contractual agreements.Major Duties & Responsibilities

  • Support Global Product Securitys framework:
  • Help drive Product Security strategy and goals within JJSV
  • Partner with internal organizations to improve existing processes and policies
  • Create and present Product Security metrics to senior management
  • Help carry out Product Security governance model for pre and post market devices.
  • Create remediation plans and assist the JJSV engineering team with remediation.
  • Respond to customer questionnaires and contractual language.
  • Perform other work-related duties as assigned.Qualifications
    • Minimum of a Bachelors degree is required, MS and/or advanced degree is preferred
    • A minimum of 6 years of experience in security and/or embedded software engineering functions is required
    • Knowledge of product or medical device security is preferred
    • Experience working with cloud based IoT management solutions is preferred
    • Understanding of Quality Design Control processes and FDA submission process is preferred
    • CISSP, CEH, MCSD, CSSLP or other certifications are preferred
    • Intimate knowledge of real-time operating system (i.e. QNX, Linux, Windows Embedded) hardening techniques are required
    • Ability to provide secure coding recommendations is required
    • Knowledge in at least one coding language (i.e. C/C , C#) with code review experience is required
    • Software engineering experience including securely building embedded applications is required
    • Ability to create and deliver Product Security awareness campaigns and other communications is required
    • Must possess understanding of pen testing, vulnerability scanning, CVSS and/or other general security testing principles with the ability to provide specific recommendations on how to fix resulting vulnerabilities.
    • Understanding embedded operating system security patching and vulnerability assessment is required
    • Ability to work autonomously and proactively seek out security opportunities within JJSV will be required
    • Big Picture/Attention to Detail align strategic and tactical.
    • Must be results oriented and ability to drive to timelines
    • Excellent interpersonal skills are required
    • Creative problem-solving skills and strong customer focus (internal & external) is required
    • Excellent communication and collaboration skills, able to network, interact and influence at all levels of the organization, cross sector, cross-functionally and globally is required
    • Must possess consistent record to influence/collaborate to get to desired result, and strong leadership skills are required
    • This role can be located in Irvine, CA or Milpitas, CA and may require up to 10% travelRemote work options may be considered on a case-by-case basis and if approved by the Company. The anticipated base pay range for this position is 83,000 to 123,500. Employees may be eligible to participate in Company employee benefit programs such as health insurance, savings plan, pension plan, disability plan, [long-term incentive include LTI only if applicable ], vacation pay, sick time, holiday pay, and work, personal and family time off in accordance with the terms of the applicable plans. Additional information can be found through the link below.At Johnson & Johnson, were on a mission to change the trajectory of health for humanity. That starts by creating the worlds healthiest workforce. Through cutting-edge programs and policies, we empower the physical, mental, emotional and financial health of our employees and the ones they love. As such, candidates offered employment must show proof of COVID-19 vaccination or secure an approved accommodation prior to the commencement of employment to support the well-being of our employees, their families and the communities in which we live and work.Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit Location NA-US-California-IrvineOther Locations NA-United States, NA-US-California-MilpitasOrganization Johnson & Johnson Services Inc. (6090)Job Function Information SecurityReq ID: 2206081591W

Keywords: J&J Family of Companies, Denver , Staff Product Security Engineer, Engineering , Denver, Colorado

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Colorado jobs by following @recnetCO on Twitter!

Denver RSS job feeds